#1111535 mbedtls: CVE-2025-47917

Package:
src:mbedtls
Source:
src:mbedtls
Submitter:
Naaz, Syeda Shagufta
Date:
2025-08-25 05:11:01 UTC
Severity:
normal
#1111535#5
Date:
2025-08-19 07:05:47 UTC
Hi,

The following vulnerability affects the Bookworm mbedtls package version 2.28.3-1.

CVE-2025-47917:
Misleading memory management in mbedtls_x509_string_to_names()

This issue appears to have already been fixed in mbedtls/3.6.4-1.
But the Bookworm version is still vulnerable.

Regards,
Syeda Shagufta Naaz

#1111535#22
Date:
2025-08-25 05:07:50 UTC
Hi,

I have submitted a patch for the CVE fix for the Bookworm release and would appreciate a review - https://salsa.debian.org/debian-iot-team/mbedtls/-/merge_requests/6 .
Please let me know if any adjustments are needed.

Thanks in advance!

Syeda Shagufta Naaz